package main
import (
"context"
"flag"
"fmt"
"net/http"
"os"
"os/signal"
"syscall"
"time"
"github.com/aws/aws-sdk-go-v2/aws"
"github.com/aws/aws-sdk-go-v2/config"
"github.com/aws/aws-sdk-go-v2/service/codeartifact"
"github.com/prometheus/client_golang/prometheus/promhttp"
"github.com/spf13/viper"
"github.com/sirupsen/logrus"
)
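// setupViper registers the command-line flags, parses them, and stores the
// resulting settings in viper under the same keys.
//
// Non-secret settings default to the environment variable of the same name.
// The two credential flags (GITHUB_PRIVATE_KEY, GITHUB_APP_TOKEN) default to
// the empty string and are filled from the environment only after parsing:
// the flag package prints every non-empty default in its usage text, so an
// environment-derived default would put the credential on stderr whenever the
// binary is started with -h or an unknown flag.
//
// Passing a credential as a flag still works, but the value is then visible
// in the process argument list; supplying it via the environment is preferable.
func setupViper() {
	var (
		githubSecret            = flag.String("GITHUB_PRIVATE_KEY", "", "GitHub secret for GitHub App authentication (defaults to the environment variable of the same name)")
		githubAppID             = flag.String("GITHUB_APP_ID", os.Getenv("GITHUB_APP_ID"), "the ID of the GitHub App used for authentication")
		githubAppToken          = flag.String("GITHUB_APP_TOKEN", "", "the token of the GitHub App used for authentication (defaults to the environment variable of the same name)")
		organization            = flag.String("DEPENDABOT_ORG", os.Getenv("DEPENDABOT_ORG"), "the GitHub organization for which the secret should be created")
		tokenDuration           = flag.String("CODEARTIFACT_DURATION", os.Getenv("CODEARTIFACT_DURATION"), "duration of the AWS CodeArtifact authToken")
		codeartifactDomain      = flag.String("CODEARTIFACT_DOMAIN", os.Getenv("CODEARTIFACT_DOMAIN"), "AWS CodeArtifact Domain for which access is required")
		codeartifactDomainOwner = flag.String("CODEARTIFACT_DOMAIN_OWNER", os.Getenv("CODEARTIFACT_DOMAIN_OWNER"), "owner (AWS acc) for the AWS CodeArtifact domain")
		daemon                  = flag.Bool("DAEMON", true, "whether to run in Daemon mode, re-authenticating every 10 hours.")
	)
	flag.Parse()

	// Environment fallback for the credentials, applied after parsing so the
	// values never appear as flag defaults.
	if *githubSecret == "" {
		*githubSecret = os.Getenv("GITHUB_PRIVATE_KEY")
	}
	if *githubAppToken == "" {
		*githubAppToken = os.Getenv("GITHUB_APP_TOKEN")
	}

	// The flag pointers themselves are stored, exactly as before; the typed
	// getters used in this file (GetString, GetInt64, GetBool) read through them.
	viper.Set("GITHUB_APP_ID", githubAppID)
	viper.Set("GITHUB_APP_TOKEN", githubAppToken)
	viper.Set("GITHUB_PRIVATE_KEY", githubSecret)
	viper.Set("DEPENDABOT_ORG", organization)
	viper.Set("CODEARTIFACT_DURATION", tokenDuration)
	viper.Set("CODEARTIFACT_DOMAIN", codeartifactDomain)
	viper.Set("CODEARTIFACT_DOMAIN_OWNER", codeartifactDomainOwner)
	viper.Set("DAEMON", daemon)
}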
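// main loads the configuration, performs one credential sync, and in daemon
// mode keeps re-syncing every 10 hours while serving Prometheus metrics on
// port 8701 until SIGINT or SIGTERM is received.
func main() {
	setupViper()

	ctx, cancel := context.WithCancel(context.Background())

	// os.Interrupt is SIGINT, so the two signals below cover both cases.
	sigint := make(chan os.Signal, 1)
	signal.Notify(sigint, os.Interrupt, syscall.SIGTERM)
	go func() {
		select {
		case <-sigint:
			cancel()
		case <-ctx.Done():
			if ctx.Err() != nil {
				logrus.Errorf("received error in context: %v", ctx.Err())
			}
			logrus.Info("context closed. Shutting down ... ")
			return
		}
	}()

	cfg, err := config.LoadDefaultConfig(ctx)
	if err != nil {
		logrus.Fatalf("AWS config could not be created: %v", err)
	}

	run(ctx, cfg)

	if !viper.GetBool("DAEMON") {
		return
	}

	mux := http.NewServeMux()
	mux.Handle("/metrics", promhttp.Handler())
	// NOTE(review): the metrics endpoint listens on every interface without
	// authentication or TLS; restrict access at the network layer or bind to a
	// narrower address if the metrics should not be publicly readable.
	srv := &http.Server{
		Addr:    "0.0.0.0:8701",
		Handler: mux,
		// Bound the time a client may take to send request headers so idle
		// connections cannot pile up on the listener.
		ReadHeaderTimeout: 10 * time.Second,
	}
	go func() {
		// A failed bind (for example, port already in use) used to be dropped
		// silently; report it so a missing metrics endpoint is visible.
		if err := srv.ListenAndServe(); err != nil && err != http.ErrServerClosed {
			logrus.Errorf("metrics server stopped: %v", err)
		}
	}()

	// NOTE(review): the refresh interval is fixed at 10 hours; a configured
	// CODEARTIFACT_DURATION shorter than that leaves the published secret
	// expired until the next tick. Confirm the deployed value.
	ticker := time.NewTicker(time.Hour * 10)
	defer ticker.Stop()

	for {
		select {
		case <-ctx.Done():
			// Without this case the signals caught above would cancel the
			// context but leave the process waiting for the next tick.
			if err := srv.Close(); err != nil {
				logrus.Errorf("closing metrics server: %v", err)
			}
			return
		case <-ticker.C:
			run(ctx, cfg)
		}
	}
}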
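// run performs one sync: it obtains an AWS CodeArtifact authorization token,
// builds a GitHub App client, and writes the token to the Dependabot secret.
//
// A failure to obtain the token terminates the process via logrus.Fatal.
// Failures on the GitHub side are logged and the sync is abandoned.
//
// The token is a bearer credential; it must never be written to the log.
func run(ctx context.Context, cfg aws.Config) {
	// Get AWS CodeArtifact secret
	secret, err := getCodeArtifactSecret(ctx, cfg)
	if err != nil {
		logrus.Fatal(err)
	}
	// Guard the dereference below: a nil token with a nil error would panic.
	if secret == nil {
		logrus.Error("run failed with: no AWS CodeArtifact authorization token returned")
		return
	}

	ghClient, err := setupGitHubAppClient(ctx)
	if err != nil {
		logrus.Errorf("run failed with: %v", err)
		// Stop here; the client is not usable after a setup error.
		return
	}

	if err := createOrUpdateDependabotSecret(ctx, ghClient, *secret); err != nil {
		logrus.Error(err)
	}
}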
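// getCodeArtifactSecret requests an AWS CodeArtifact authorization token for
// the domain, domain owner and lifetime configured under the
// CODEARTIFACT_DOMAIN, CODEARTIFACT_DOMAIN_OWNER and CODEARTIFACT_DURATION
// keys, and returns a pointer to the token string.
//
// It returns an error when the API call fails or when the response carries no
// token, so a nil pointer is never returned together with a nil error.
//
// The returned value is a bearer credential: callers must not log it.
func getCodeArtifactSecret(ctx context.Context, cfg aws.Config) (*string, error) {
	var (
		domain      = viper.GetString("CODEARTIFACT_DOMAIN")
		domainOwner = viper.GetString("CODEARTIFACT_DOMAIN_OWNER")
		// An unset or non-numeric CODEARTIFACT_DURATION is read as 0 here.
		// NOTE(review): confirm that 0 is an intended lifetime for this deployment.
		duration = viper.GetInt64("CODEARTIFACT_DURATION")
	)

	client := codeartifact.NewFromConfig(cfg)
	out, err := client.GetAuthorizationToken(ctx, &codeartifact.GetAuthorizationTokenInput{
		DurationSeconds: &duration,
		Domain:          &domain,
		DomainOwner:     &domainOwner,
	})
	if err != nil {
		return nil, fmt.Errorf("retrieving code artifact secret: %w", err)
	}
	if out == nil || out.AuthorizationToken == nil {
		return nil, fmt.Errorf("retrieving code artifact secret: response contained no authorization token")
	}

	return out.AuthorizationToken, nil
}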